bcgov · ShawnTurple · Mar 1, 2024 · Mar 1, 2024
diff --git a/helm/README.md b/helm/README.md
@@ -29,9 +29,9 @@ To restore from a backup:
 2. Find the `RELEASE_NAME` of the app you want to restore to. This should match the name of the PersistentVolumeClaim that contains the database backups, for example if your PVC is called `example-notifybc-dev-notify-bc-cronjob-mongodb-backup`, the `RELEASE_NAME` should be `example-notifybc-dev`.
 3. Determine the `BACKUP_DATE`, the date of the backup you want to restore from. For example if you want to restore from a backup created on January 25th, 2024, the `BACKUP_DATE` should be `20240125`.
    - Depending on the backup schedule there may be multiple backups performed per day in which case the latest backup from the given `BACKUP_DATE` will be used.
-4. From the root of this project, run the command:
+4. From the root of this project, run the following command:
     ```bash
-    oc process -f helm/deployments/openshift/backup-restore.yaml -p RELEASE_NAME="{RELEASE_NAME}" -p BACKUP_DATE="{BACKUP_DATE}" | oc apply -f -
+    oc process -f helm/deployments/openshift/backup-restore.yaml -p RELEASE_NAME="example-notifybc-dev" -p BACKUP_DATE="20240125" | oc apply -f -
     ```
-    (replacing `{RELEASE_NAME}` and `{BACKUP_DATE}` with the values found earlier) to run the database restore job.
+    (replacing the example values `example-notifybc-dev` and `20240125` with the values found earlier) to run the database restore job.
 5. A Job and a Pod will be created to perform the restore process which can be monitored in OpenShift. Both will be cleaned up automatically a few minutes after the process is complete.
diff --git a/helm/deployments/openshift/notify-build.yaml b/helm/deployments/openshift/notify-build.yaml
@@ -0,0 +1,48 @@
+# ImageStream api-run
+apiVersion: image.openshift.io/v1
+kind: ImageStream
+metadata:
+  annotations:
+    description: Image for the notify application
+  labels:
+    role: app
+  name: notify-bc
+
+---
+# BuildConfig api-run
+apiVersion: build.openshift.io/v1
+kind: BuildConfig
+metadata:
+  annotations:
+    description: Image Build for notify bc application
+  labels:
+    role: app
+  name: notify-bc
+spec:
+  failedBuildsHistoryLimit: 1
+  successfulBuildsHistoryLimit: 2
+  strategy:
+    dockerStrategy:
+      from:
+        kind: DockerImage
+        name: node:20.9.0-slim
+      incremental: false
+    type: Docker
+  source:
+    contextDir: ./
+    git:
+      ref: main
+      uri: https://github.com/bcgov/NotifyBC.git
+    type: Git
+  output:
+    to:
+      kind: ImageStreamTag
+      name: notify-bc:latest
+  resources:
+    limits:
+      cpu: "2"
+      memory: 2Gi
+    requests:
+      cpu: "1.5"
+      memory: 1.5Gi
+  runPolicy: Serial
diff --git a/helm/platform-specific/openshift.yaml b/helm/platform-specific/openshift.yaml
@@ -1,36 +1,3 @@
 service:
   smtp:
-    type: ClusterIP
-mongodb:
-  podSecurityContext:
-    enabled: false
-  containerSecurityContext:
-    enabled: true
-    runAsUser: 1004000000
-    runAsNonRoot: true
-  arbiter:
-    podSecurityContext:
-      enabled: false
-    containerSecurityContext:
-      enabled: true
-      runAsUser: 1004000000
-      runAsNonRoot: true
-redis:
-  master:
-    podSecurityContext:
-      enabled: false
-    containerSecurityContext:
-      enabled: true
-      runAsUser: 1004000000
-  replica:
-    podSecurityContext:
-      enabled: false
-    containerSecurityContext:
-      enabled: true
-      runAsUser: 1004000000
-  sentinel:
-    podSecurityContext:
-      enabled: false
-    containerSecurityContext:
-      enabled: true
-      runAsUser: 1004000000
+    type: ClusterIP
diff --git a/helm/templates/cronjob.yaml b/helm/templates/cronjob.yaml
@@ -5,7 +5,7 @@ metadata:
   name: {{ include "NotifyBC.fullname" . }}-mongodb-backup
   labels: {{- include "NotifyBC.labels" . | nindent 4}}
 spec:
-  concurrencyPolicy: Forbid
+  concurrencyPolicy: Replace
   schedule: '{{ .Values.cronJob.schedule }}'
   jobTemplate:
     spec:

diff --git a/helm/templates/deployment-app.yaml b/helm/templates/deployment-app.yaml
@@ -41,14 +41,14 @@ spec:
                 -headless
               {{- end }}
             - name: MONGODB_USER
-              value: {{ .Values.mongodb.auth.username }}
+              value: {{ .Values.mongodb.auth.usernames | first }}
             - name: MONGODB_PASSWORD
               valueFrom:
                 secretKeyRef:
                   name: {{ .Release.Name }}-mongodb
-                  key: mongodb-password
+                  key: mongodb-passwords
             - name: MONGODB_DATABASE
-              value: {{ .Values.mongodb.auth.database }}
+              value: {{ .Values.mongodb.auth.databases | first }}
             - name: MONGODB_ADMIN_PASSWORD
               valueFrom:
                 secretKeyRef:

diff --git a/helm/templates/deployment-cron.yaml b/helm/templates/deployment-cron.yaml
@@ -41,14 +41,14 @@ spec:
                 -headless
               {{- end }}
             - name: MONGODB_USER
-              value: {{ .Values.mongodb.auth.username }}
+              value: {{ .Values.mongodb.auth.usernames | first }}
             - name: MONGODB_PASSWORD
               valueFrom:
                 secretKeyRef:
                   name: {{ .Release.Name }}-mongodb
-                  key: mongodb-password
+                  key: mongodb-passwords
             - name: MONGODB_DATABASE
-              value: {{ .Values.mongodb.auth.database }}
+              value: {{ .Values.mongodb.auth.databases | first }}
             - name: MONGODB_ADMIN_PASSWORD
               valueFrom:
                 secretKeyRef:

diff --git a/helm/templates/network-policy-redis-ingress.yaml b/helm/templates/network-policy-redis-ingress.yaml
@@ -19,5 +19,6 @@ spec:
         - podSelector:
             matchLabels:
               app.kubernetes.io/name: {{ include "NotifyBC.name" . }}-app
+              app.kubernetes.io/instance: {{ .Release.Name }}
   policyTypes:
     - Ingress
diff --git a/helm/templates/pvc.yaml b/helm/templates/pvc.yaml
@@ -2,6 +2,8 @@
 kind: PersistentVolumeClaim
 apiVersion: v1
 metadata:
+  annotations:
+    "helm.sh/resource-policy": keep
   name: {{ include "NotifyBC.fullname" . }}-cronjob-mongodb-backup
   labels: {{- include "NotifyBC.labels" . | nindent 4}}
 spec:

diff --git a/helm/values.yaml b/helm/values.yaml
@@ -86,9 +86,12 @@ affinity: {}
 
 mongodb:
   architecture: replicaset
+  replicaCount: 3
   auth:
-    username: notify-bc
-    database: notify-bc
+    usernames:
+      - notify-bc
+    databases:
+      - notify-bc
     password: ''
   persistence:
     size: 1Gi
@@ -97,11 +100,9 @@ mongodb:
   containerSecurityContext:
     enabled: false
   arbiter:
-    podSecurityContext:
-      enabled: false
-    containerSecurityContext:
-      enabled: false
-
+    enabled: false
+  readinessProbe:
+    timeoutSeconds: 10
 configMap:
   config.local.js: |-
     module.exports = {};